Open source rules the world!
Open-source software is everywhere.
“Open source software is less secure”
All else being equal, the fact that many people (including, for example, paid security researchers) can review an application’s source code tends to make open-source software more secure, not less.
“If we use open-source tools, we’ll have to release our work as open source as well”
The common open-source licenses do not require us to release the code of products that merely use open-source libraries or software; we only have to give attribution. Only if we modify the code (for example, if we wanted to build a custom SCW version of a library or application) does the “copyleft” requirement apply.
“If we rely on open-source tools, we’d be snookered if they suddenly decided to close the source and start charging money”
The major open licenses are all irrevocable. Once a version of a tool or library has been released under an open license, that version is open source in perpetuity. It is always possible that projects (especially corporate-backed ones) could go closed-source for future versions, but in that case it is very likely that someone will take the last open version and “fork” it into a separate project; this has happened many times, e.g. LibreOffice from OpenOffice and MariaDB from MySQL.
“If we use an open-source tool on sensitive/proprietary data (e.g. SUS) we are at risk of this leaking out, or we are required to release it along with our code”
The open-source licenses apply to the code itself, not to the data we use it on. Even if we did decide to release one of our own products as open source, there is no requirement at all to publish any data alongside it. Furthermore, because we can inspect the source code, we can assure ourselves of how safe a tool is; with closed-source tools we have to take the developer’s word for it (or, at best, rely on an external security audit). Open tools such as R, Python and PostgreSQL are in widespread use even with highly sensitive data (banks, governments, healthcare).
Links, etc
Contact:
Code & Slides:
at least not easily possible
with exception of some kernel components
there are technically differences, but the terms are often used interchangeably
SAT // Open Source Intro // Prepared in June 2025